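<?php

// Receives the "photo" form upload and records it in
// intranetv9.dbo.si_imageuploads as the signed-in user's avatar.
//
// What is trusted here and what is not:
//   - $_FILES['photo']['name'] and ['type'] are sent by the browser and can
//     hold any value. The type is therefore re-derived from the file contents,
//     and the name is reduced to its last path component and HTML-escaped
//     before it is echoed.
//   - ['error'], ['size'] and ['tmp_name'] are filled in by PHP for the request.

// Upper bound on the upload in bytes (an upload must be strictly smaller).
$maxBytes = 3072000;

// Image types accepted, as detected from the file contents. The browser-only
// alias "image/pjpeg" is not listed because content detection reports JPEGs
// as "image/jpeg".
$allowedMimeTypes = array('image/gif', 'image/jpeg', 'image/png');

$img_category = "avatar";

$upload = (isset($_FILES['photo']) && is_array($_FILES['photo'])) ? $_FILES['photo'] : array();

// A missing field, or a multi-file "photo[]" field (where every entry is an
// array), is treated the same as "no file was sent".
$uploadError = (isset($upload['error']) && !is_array($upload['error']))
    ? (int) $upload['error']
    : UPLOAD_ERR_NO_FILE;

$tmpName = ($uploadError === UPLOAD_ERR_OK && isset($upload['tmp_name'])) ? (string) $upload['tmp_name'] : '';
$picSize = (isset($upload['size']) && !is_array($upload['size'])) ? (int) $upload['size'] : 0;
$rawName = (isset($upload['name']) && is_string($upload['name'])) ? $upload['name'] : '';

// Keep only the final path component so the client cannot smuggle directory
// parts ("../", "C:\...") into the file_exists() check or the stored filename.
$filename = basename(str_replace('\\', '/', $rawName));
$safeName = htmlspecialchars($filename, ENT_QUOTES, 'UTF-8');

// Work out the real content type from the bytes PHP received. is_uploaded_file()
// confirms the path really is this request's upload before anything reads it.
$fileType = false;
if ($tmpName !== '' && is_uploaded_file($tmpName)) {
    if (function_exists('finfo_open')) {
        $finfo = finfo_open(FILEINFO_MIME_TYPE);
        $fileType = $finfo ? finfo_file($finfo, $tmpName) : false;
    } else {
        // Fallback for builds without the fileinfo extension.
        $imageInfo = getimagesize($tmpName);
        $fileType = $imageInfo ? $imageInfo['mime'] : false;
    }
}
$safeType = htmlspecialchars(($fileType === false) ? 'unknown' : $fileType, ENT_QUOTES, 'UTF-8');

if ($uploadError !== UPLOAD_ERR_OK) {
    // Checked first: when PHP reports an upload error there is no file to inspect.
    echo "Return Code: " . $uploadError . "<br />";
} elseif (!in_array($fileType, $allowedMimeTypes, true) || $picSize >= $maxBytes) {
    echo "Invalid file";
    echo "Upload: " . $safeName . "<br />";
    echo "Type: " . $safeType . "<br />";
    echo "Size: " . ($picSize / 1024) . " Kb -- maximum allowed = 3072000<br />";
    // The server-side temp path is deliberately not shown to the client.
    echo "errors: " . $uploadError;
} else {
    echo "Upload: " . $safeName . "<br />";
    echo "Type: " . $safeType . "<br />";
    echo "Size: " . ($picSize / 1024) . " Kb<br />";

    // Get the current user. The code takes whatever follows the last backslash,
    // so REMOTE_USER is presumably "DOMAIN\user" from the web server's
    // authentication layer — confirm. A value without a backslash is used whole.
    $remoteUser = isset($_SERVER['REMOTE_USER']) ? (string) $_SERVER['REMOTE_USER'] : '';
    $slashPos = strrpos($remoteUser, '\\');
    $username = ($slashPos === false) ? $remoteUser : (string) substr($remoteUser, $slashPos + 1);
    $student = $username;

    if (file_exists("upload/" . $filename)) {
        echo $safeName . " already exists. ";
    } elseif ($student === '') {
        // Without an authenticated user the row would be stored against an
        // empty student reference, so refuse instead.
        echo "Could not determine the signed-in user; nothing was saved.\n";
    } else {
        $theImage = file_get_contents($tmpName);

        if ($theImage === false) {
            echo "The uploaded file could not be read.\n";
        } else {
            //record into database
            $theServer = "scc-sql-1";
            // NOTE(security): the SQL login is hard-coded, so anyone who can read
            // this file or its history holds the credential. Load it from
            // configuration kept outside the web root and rotate this password.
            $connectionInfo = array("UID"=>"eja", "PWD"=>"dumbledore", "Database"=>"intranetv9");
            $conn = sqlsrv_connect($theServer, $connectionInfo);

            if (!$conn) {
                // Driver diagnostics go to the server log, not to the browser.
                error_log("photo upload: sqlsrv_connect failed: " . print_r(sqlsrv_errors(), true));
                die("Connection could not be established.\n");
            }

            // Values are bound as parameters, never concatenated into the SQL.
            // img_type receives the detected type, not the browser's claim.
            $query = "insert into intranetv9.dbo.si_imageuploads (s_studentreference, img_category,  img_type, img_filename, img_content) values (?, ?, ?, ?, ?)";
            $query_Params = array($student, $img_category, $fileType, $filename, $theImage);

            $runQuery = sqlsrv_query($conn, $query, $query_Params);

            if ($runQuery) {
                echo "Thanks, your image has been uploaded.\n";
                sqlsrv_free_stmt($runQuery);
                sqlsrv_close($conn);
            } else {
                error_log("photo upload: insert failed: " . print_r(sqlsrv_errors(), true));
                sqlsrv_close($conn);
                die("query failed.\n");
            }
            //end database insert
        }
    }
}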
 